Apiiro launches Guardian Agent to guard AI coding agents

Apiiro launched Guardian Agent to prevent Artificial Intelligence (AI) coding agents from producing vulnerable or non-compliant code, citing a need to address rapid increases in code volume and unmanaged risk.

The company said that after adopting AI coding agents, enterprises generated four times more code, expanded their application attack surface by six times, and increased risk by as much as ten times; much of this code was produced without full human review and often lacked validation against organizational security and compliance requirements.

Guardian Agent operated as an always-on AppSec capability across the Secure Development Lifecycle (SDLC), automatically rewriting developer prompts into secure prompts in real time and using continuous context from an organization’s Software Graph, Risk Graph, security and compliance policies, and runtime exposure; the product used patent-pending technology to perform those prompt transformations.

Apiiro said the feature set built on its AutoFix Agent lineage and introduced a patented Secure Prompt technology; the agent was developed with Fortune 500 customers, required no plugins or workflow changes, and aimed to reduce manual security training, ad-hoc threat modeling, release risk questionnaires, and post-development remediation cycles.

“Enterprises are flying blind as code velocity, attack surface expansion, and risk introduced by AI coding agents are growing far faster than humans and siloed scanners can handle,” said Idan Plotnik, CEO of Apiiro. “To stay in control, organizations must have real-time software inventory and move from detecting and prioritizing risk to preventing it – without adding more work for developers. With Guardian Agent, we’re defining the next era of application security, where prevention replaces alert fatigue, and security finally operates at the speed of AI.”

“Guardrails built into pipelines are still reactive in the developer's context,” said Trevi Perry, VP Attack Surface Management, and Pete Del Rosso, Global Head of DevOps at Prudential. “The Guardian Agent will be transformational in shifting the operating model for application security. Combined with AI code generation, it seamlessly integrates the development process to rewrite prompts so they are developed into secure/compliant code. This reduces cost and improves the value of security in a real business context.”

Apiiro said the agent would continue to expand with additional capabilities to continuously prevent risk across the SDLC, and Guardian Agent was available in private preview.